Hitachi

Hitachi Application Server V10 Command Reference Guide (For Windows® Systems)


2.9.2 create-auth-realm

Adds the named authentication realm.

Synopsis

asadmin [asadmin-options] create-auth-realm [--help]
    --classname realm_class [--property name=value[:name=value]...]
    [--target target_name] auth_realm_name

Storage location

Application Server installation directory/javaee/glassfish/bin

Function

The create-auth-realm subcommand adds the named authentication realm.

This command is supported in remote mode only.

Precondition

DAS has to be in a running state.

Files

For a FileRealm, user names, passwords, and group names are kept in a keyfile, and each file realm can be pointed at its own keyfile through the file property.

The default file is domain-dir/config/keyfile.

Arguments

--help | -?

Displays the help text for the subcommand.

--target target_name

Specifies the target on which you are creating the realm.

Type: String

The following values can be specified:

  • server

    Creates the realm on the default server instance. This is the default value.

  • configuration_name

    Creates the realm in the specified configuration.

  • cluster_name

    Creates the realm on all server instances in the specified cluster.

  • instance_name

    Creates the realm on a specified server instance.

Default value: server

--classname realm_class

Specifies the Java class which implements this realm.

Type: String

The following values can be specified:

  • com.sun.enterprise.security.auth.realm.file.FileRealm

  • com.sun.enterprise.security.auth.realm.certificate.CertificateRealm

  • com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm

  • com.sun.enterprise.security.auth.realm.ldap.LDAPRealm

  • com.sun.enterprise.security.auth.realm.pam.PamRealm

  • The fully qualified name of a custom realm class. A custom realm also needs a JAAS login module that extends com.sun.appserv.security.AppservPasswordLoginModule, referenced through the jaas-context property.

Default value: N/A

--property name=value[:name=value]...

Specifies optional name-value pairs that configure the authentication realm. Each pair is written as name=value, and consecutive pairs are separated by a colon (:). A colon that is part of a value (for example the port in an LDAP URL) must be escaped with a backslash (\:) so that it is not read as a separator. If the same property name is specified more than once, the value specified last takes effect.

The following properties are common to all supported realms (FileRealm, CertificateRealm, JDBCRealm, LDAPRealm, and PamRealm):

  • jaas-context=value

    Specifies the Java Authentication and Authorization Service (JAAS) context.

    Type: String

    Default value: N/A

    Range Value: N/A

  • assign-groups=value

    Specifies a comma-separated list of group names. Every user who authenticates successfully against the realm (for a CertificateRealm, every client that presents a valid certificate) is assigned membership in these groups for the purposes of authorization decisions in the web and EJB containers.

    Type: String

    Default value: N/A

    Range Value: N/A

The following properties are realm-specific:

  • FileRealm:

    file=value

    Specifies the file that stores user names, passwords, and group names. The default value is domain-dir/config/keyfile.

    Type: String

    Default value: domain-dir/config/keyfile

    Range Value: N/A

  • CertificateRealm:

    LoginModule=value

    Specifies the name of a JAAS LoginModule to use for performing authentication. To use a JAAS LoginModule, you must first create an implementation of the javax.security.auth.spi.LoginModule interface, and then plug the module into a jaas-context.

    Type: String

    Default value: N/A

    Range Value: N/A

  • JDBCRealm:

    datasource-jndi=value

    Specifies the jndi-name of the jdbc-resource for the database.

    Type: String

    Default value: N/A

    Range Value: N/A

    user-table=value

    Specifies the name of the user table in the database.

    Type: String

    Default value: N/A

    Range Value: N/A

    user-name-column=value

    Specifies the name of the user name column in the database's user table.

    Type: String

    Default value: N/A

    Range Value: N/A

    password-column=value

    Specifies the name of the password column in the database's user table.

    Type: String

    Default value: N/A

    Range Value: N/A

    group-table=value

    Specifies the name of the group table in the database. A JDBCRealm needs this table to look up the groups a user belongs to.

    Type: String

    Default value: N/A

    Range Value: N/A

    group-name-column=value

    Specifies the name of the group name column in the database's group table.

    Type: String

    Default value: N/A

    Range Value: N/A

    db-user=value

    Allows you to specify the database user name in the realm instead of in the jdbc-connection-pool. Together with db-password, this lets the realm connect with its own account, so that applications which obtain a connection from the pool with the pool's credentials cannot use those credentials to browse the user table. By default, the jdbc-connection-pool configuration is used.

    Type: String

    Default value: N/A

    Range Value: N/A

    db-password=value

    Allows you to specify the database password in the realm instead of in the jdbc-connection-pool; see db-user. By default, the jdbc-connection-pool configuration is used. The value is stored in the domain configuration, so protect the configuration files accordingly.

    Type: String

    Default value: N/A

    Range Value: N/A

    digest-algorithm=value

    Specifies the digest algorithm that is applied to a presented password before it is compared with the value in the password column. The default algorithm is SHA-256. You can use any message digest algorithm supported by the JDK, or none (passwords are then stored and compared in plaintext). If you have applications that depend on the MD5 algorithm, you can override the default SHA-256 algorithm by using the asadmin set subcommand:

    asadmin set server.security-service.property.default-digest-algorithm=MD5

    MD5 is cryptographically broken; use it only to keep a legacy user table working, and plan a migration to SHA-256 or stronger.

    You can use the asadmin get subcommand to determine what algorithm is currently being used:

    asadmin get server.security-service.property.default-digest-algorithm

    Type: String

    Default value: SHA-256

    Range Value: N/A

    digestrealm-password-enc-algorithm=value

    Specifies the algorithm for encrypting passwords stored in the database. It is a security risk not to specify a password encryption algorithm.

    Type: String

    Default value: N/A

    Range Value: N/A

    encoding=value

    Specifies the encoding. Allowed values are Hex and Base64. If digest-algorithm is specified, the default value is Hex. If digest-algorithm is not specified, by default no encoding is specified.

    Type: String

    Default value: If digest-algorithm is specified, the default is Hex, else by default no encoding is specified.

    Range Value:

    Hex

    Base64

    charset=value

    Specifies the charset for the digest algorithm.

    Type: String

    Default value: N/A

    Range Value: N/A

  • LDAPRealm:

    directory=value

    Specifies the LDAP URL to your server.

    Type: String

    Default value: N/A

    Range Value: N/A

    base-dn=value

    Specifies the LDAP base DN for the location of user data. This base DN can be at any level above the user data, since a tree scope search is performed. The smaller the search tree, the better the performance.

    Type: String

    Default value: N/A

    Range Value: N/A

    search-filter=value

    Specifies the search filter to use to find the user. The default value is uid=%s (%s expands to the subject name).

    Type: String

    Default value: uid=%s

    Range Value: N/A

    group-base-dn=value

    Specifies the base DN for the location of group data. By default it is the same as base-dn, but it can be set separately if the groups live elsewhere in the tree.

    Type: String

    Default value: Same as base-dn

    Range Value: N/A

    group-search-filter=value

    Specifies the search filter used to find the groups a user belongs to. The default value is uniquemember=%d (%d expands to the DN of the user entry found by search-filter).

    Type: String

    Default value: uniquemember=%d

    Range Value: N/A

    group-target=value

    Specifies the LDAP attribute name that contains group name entries. The default value is CN.

    Type: String

    Default value: CN

    Range Value: N/A

    search-bind-dn=value

    Specifies an optional DN used to bind to the directory for performing the search-filter lookup. It is required only for directories that do not allow anonymous search. Use an account with read-only access limited to the user and group subtrees.

    Type: String

    Default value: N/A

    Range Value: N/A

    search-bind-password=value

    Specifies the LDAP password for the DN given in search-bind-dn. The value is stored in the domain configuration, so protect the configuration files accordingly.

    Type: String

    Default value: N/A

    Range Value: N/A
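The JDBCRealm properties above determine what must be written into the password column and how a login is checked against it. The following Python script is an added example, not part of this reference or of the product; it reproduces the page's digest-then-encode rules so that a setup script can populate the user table correctly, and it checks a login against constructed sample rows. The JNDI name, table names and column names are assumptions, and the script pins the charset to UTF-8 where the page leaves it unspecified.

```python
"""JDBCRealm credential layout: what to store and how a login is checked."""
import base64
import hashlib
import hmac

# Constructed example: the --property values one might pass to
# create-auth-realm for a JDBCRealm. Property names are the page's;
# the JNDI name, table and column names are assumptions for illustration.
JDBC_REALM_PROPERTIES = {
    "datasource-jndi": "jdbc/authdb",
    "user-table": "usertable",
    "user-name-column": "username",
    "password-column": "password",
    "group-table": "grouptable",
    "group-name-column": "groupname",
    "digest-algorithm": "SHA-256",
    "encoding": "Hex",
    "charset": "UTF-8",
}

# JDK MessageDigest names (what digest-algorithm takes) mapped to hashlib names.
_JDK_DIGESTS = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256", "SHA-512": "sha512"}


def stored_password(password, props):
    """Return the value the realm expects to find in password-column.

    Follows the page's rules: digest with digest-algorithm (default SHA-256),
    then encode as Hex (the default once a digest is in use) or Base64.
    With digest-algorithm=none the plaintext password is stored unchanged.
    """
    algorithm = props.get("digest-algorithm", "SHA-256")
    if algorithm.lower() == "none":
        return password  # plaintext in the database; only acceptable during a migration
    # Assumption: an unset charset means the JVM default; pinning UTF-8 avoids surprises.
    raw = password.encode(props.get("charset", "UTF-8"))
    digest = hashlib.new(_JDK_DIGESTS[algorithm], raw).digest()
    encoding = props.get("encoding", "Hex").lower()
    if encoding == "hex":
        return digest.hex()  # lowercase hex digits
    if encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    raise ValueError("encoding must be Hex or Base64, got %r" % props.get("encoding"))


def password_matches(candidate, stored, props):
    """Compare a login attempt with the stored column value in constant time."""
    expected = stored_password(candidate, props).encode("utf-8")
    return hmac.compare_digest(expected, stored.encode("utf-8"))


def realm_queries(props):
    """The two parameterised lookups the realm needs for a login.

    Assumption: the group table carries the user name in a column with the same
    name as user-name-column, since the page lists no separate property for it.
    Table and column names come from the realm configuration, never from the user.
    """
    user_query = "SELECT %s FROM %s WHERE %s = ?" % (
        props["password-column"], props["user-table"], props["user-name-column"])
    group_query = "SELECT %s FROM %s WHERE %s = ?" % (
        props["group-name-column"], props["group-table"], props["user-name-column"])
    return user_query, group_query


# Constructed rows standing in for the two tables, as a setup script would insert them.
USERS = {"alice": stored_password("correct horse", JDBC_REALM_PROPERTIES)}
GROUPS = {"alice": ["employee", "admin"]}


def authenticate(username, password, props=JDBC_REALM_PROPERTIES,
                 users=USERS, groups=GROUPS):
    """Return the user's group names on success, or None when the realm would reject."""
    stored = users.get(username)
    if stored is None or not password_matches(password, stored, props):
        return None
    return list(groups.get(username, []))


if __name__ == "__main__":
    print(realm_queries(JDBC_REALM_PROPERTIES))
    print(USERS["alice"])
    print(authenticate("alice", "correct horse"), authenticate("alice", "nope"))
```

Whether the realm compares the encoded string case-sensitively is not stated on the page; emitting lowercase hex, as the script does, matches the digits a hex encoder produces and avoids the question. Note also that a single unsalted digest, whatever the algorithm, is cheap to brute-force offline if the user table leaks, so the database account used for the realm should be able to read the user table and nothing more.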

auth_realm_name

Specifies a short name for the realm. This name is used to refer to the realm.

Type: String

The following values can be specified:

  • Specify the realm name

Default value: N/A

Examples

The following example creates a new authentication realm named file on the server instance instance1. The realm is a FileRealm whose keyfile is admin-keyfile in the instance's config directory.

asadmin create-auth-realm --target instance1
  --classname com.sun.enterprise.security.auth.realm.file.FileRealm
  --property file=${com.sun.aas.instanceRoot}/config/admin-keyfile:jaas-context=fileRealm
  file
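An LDAPRealm is the case where the --property syntax and the filter properties interact: the directory URL contains a colon that must be escaped, and search-filter and group-search-filter are templates into which the realm substitutes the login name (%s) and the user's DN (%d). The following Python script is an added example, not part of this reference or of the product. It assembles the --property argument for the page's LDAPRealm properties, parses it back (last value wins for a repeated name), and expands both filters the way the page describes. The RFC 4515 escaping of the substituted values is the example's own defensive choice; the page makes no statement about how the realm treats filter metacharacters in a login name, so test your deployment with a login name such as *)(uid=* before relying on it. The host name, DNs and bind password are assumptions.

```python
"""Assemble LDAPRealm --property values and show how its filters expand."""
import re

# Constructed example values for an LDAPRealm. Host name, DNs and the bind
# password are assumptions; property names are the page's.
LDAP_REALM_PROPERTIES = {
    "directory": "ldap://ldap.example.com:389",
    "base-dn": "ou=people,dc=example,dc=com",
    "search-filter": "uid=%s",
    "group-base-dn": "ou=groups,dc=example,dc=com",
    "group-search-filter": "uniquemember=%d",
    "group-target": "cn",
    "search-bind-dn": "cn=realm-reader,ou=service,dc=example,dc=com",
    "search-bind-password": "change-me",
    "jaas-context": "ldapRealm",
}

LDAP_REALM_CLASS = "com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"


def encode_property_arg(props):
    """Join name=value pairs with ':' for the --property option.

    A colon inside a value (the port in an LDAP URL) is written as '\\:' per the
    asadmin convention so that it is not taken for a pair separator.
    """
    return ":".join("%s=%s" % (name, value.replace(":", "\\:"))
                    for name, value in props.items())


def parse_property_arg(arg):
    """Split a --property argument into a dict; a name given twice keeps its last value."""
    props = {}
    for pair in re.split(r"(?<!\\):", arg):  # split on colons not preceded by a backslash
        name, _, value = pair.partition("=")  # values may themselves contain '='
        props[name] = value.replace("\\:", ":")
    return props


def create_auth_realm_argv(name, props, target="server"):
    """The asadmin invocation that creates the realm, as an argv list."""
    return ["asadmin", "create-auth-realm", "--target", target,
            "--classname", LDAP_REALM_CLASS,
            "--property", encode_property_arg(props), name]


# RFC 4515 escapes for the characters that change the meaning of a filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value before substituting it into a search filter (example's own choice)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(props, login_name):
    """Expand search-filter: %s stands for the subject name presented at login."""
    return props.get("search-filter", "uid=%s").replace("%s", escape_filter_value(login_name))


def group_search_filter(props, user_dn):
    """Expand group-search-filter: %d stands for the DN the user search returned."""
    return props.get("group-search-filter", "uniquemember=%d").replace(
        "%d", escape_filter_value(user_dn))


if __name__ == "__main__":
    print(" ".join(create_auth_realm_argv("ldapRealm", LDAP_REALM_PROPERTIES)))
    print(user_search_filter(LDAP_REALM_PROPERTIES, "alice"))
    print(user_search_filter(LDAP_REALM_PROPERTIES, "*)(uid=*"))
```

When the resulting command is placed in a Windows batch file, write %%s and %%d instead of %s and %d, because cmd.exe treats text between percent signs in a batch file as a variable reference; after running the command, confirm the stored filters with asadmin get on the new realm's properties.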

Exit Status

  Exit Status   Explanation
  0             Command executed successfully.
  1             Error in executing the command.